I believe you are talking about the account that you need to use on
the acs 5 to integrate with active directory. That account needs to have permissions to add computer accounts and thats it. Most people create that account on active directory and make it part of 'account operators' group or you can delegate control to have 'add computers' permission. Basically this is needed so that acs can add itself as a computer to the domain.